https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251683
Mark Linimon changed:
What|Removed |Added
Assignee|b...@freebsd.org|n...@freebsd.org
--
You are receiv
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240144
Li-Wen Hsu changed:
What|Removed |Added
CC||lw...@freebsd.org
Resolution|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240400
Rodney W. Grimes changed:
What|Removed |Added
CC||n...@freebsd.org,
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240400
Cy Schubert changed:
What|Removed |Added
Assignee|n...@freebsd.org |c...@freebsd.org
--
You are receiv
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240400
Cy Schubert changed:
What|Removed |Added
Severity|Affects Many People |Affects Only Me
--
You are receivin
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240400
--- Comment #2 from Cy Schubert ---
11.2-RELEASE does not have r338047, the bucket index fix. Update to 11.3-STABLE
first, please. Or see PR/208566 for the fix.
--
You are receiving this mail because:
You are the assignee for the bug.
___
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240400
--- Comment #1 from Cy Schubert ---
ipnat -lv output, please.
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240400
DYM changed:
What|Removed |Added
Severity|Affects Some People |Affects Many People
--
You are receiving th
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240400
Mark Linimon changed:
What|Removed |Added
Assignee|b...@freebsd.org|n...@freebsd.org
--
You are receiv
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240144
--- Comment #1 from Aleks ---
work
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://
mary|Ipnat.rules rdr & |ipnat: redirect (rdr) rule
||does not work
CC||n...@freebsd.org
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240144
Kubilay Kocak changed:
What|Removed |Added
Hardware|Any |amd64
--
You are receiving this m
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237197
Rodney W. Grimes changed:
What|Removed |Added
CC||n...@freebsd.org
--
You are re
th (11, 12) stable
branches, with fixes to be included in 11.3-RELEASE.
Do any other PR exist that references the relevant ipnat commits, so this bug
can be set to depend on them?
With @triage hat:
- Set resolution FIXED: with resolution: update to stable/11 or stable/12
- Assign to committer tha
Status|Open|Closed
--- Comment #12 from Cy Schubert ---
11.2-RELEASE does not have nor will it have the ipnat patches applied. You must
wait for 11.3-RELEASE, which IIRC should be GA over summer sometime.
You can svnup your sources to 11-STABLE, which has the fix, or install
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237197
Kubilay Kocak changed:
What|Removed |Added
Flags||mfc-stable11?
Keywords|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237197
--- Comment #10 from fr...@deze.org ---
That makes sense, Cy did not back-port all ipfilter patches into 11.2-RELEASE
(not sure about 11-STABLE).
--
You are receiving this mail because:
You are the assignee for the bug.
__
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237197
--- Comment #9 from Mike ---
Well, in a desperate move, I have upgraded to 12.0 and the problem magically
disappeared ...
--
You are receiving this mail because:
You are the assignee for the bug.
__
||
--- Comment #8 from Mike ---
Created attachment 203594
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=203594&action=edit
ipnat -s with stock kernel
Not really better :-)
--
You are receiving this mail because:
You are the assignee for
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237197
Mike changed:
What|Removed |Added
Attachment #203593|text/x-log |text/plain
mime type|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237197
--- Comment #6 from Mike ---
Tried your nat_maxbucket increase. It did not help
Thanks anyways :-)
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@free
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237197
fr...@deze.org changed:
What|Removed |Added
CC||fr...@deze.org
--- Comment #5 from
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237197
--- Comment #4 from Mike ---
Attached ipnat -s and ipfstat dumps
I will try with a genuine kernel without any modifications and let you know if
that improves things.
What puzzles me is that the environment has not changed a bit. Same
||
--- Comment #3 from Mike ---
Created attachment 203583
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=203583&action=edit
ipnat -s dump
--
You are receiving this mail because:
You are the assignee for the bug.
___
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237197
Mike changed:
What|Removed |Added
Attachment #203582|text/x-log |text/plain
mime type|
Status|New |Open
Assignee|b...@freebsd.org|n...@freebsd.org
Summary|ipnat NAt failures |ipnat dropping connections
||after upgrade to 11.2
--- Comment #1 from Kubilay Kocak ---
@Mike
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=115239
Josh Paetzel changed:
What|Removed |Added
Status|In Progress |Closed
Resolution|---
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208566
Cy Schubert changed:
What|Removed |Added
Assignee|freebsd-net@FreeBSD.org |c...@freebsd.org
CC|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208566
--- Comment #2 from andywh...@gmail.com ---
Aleks
can you post output of ipnat -s ? for me I see "bucket max in" increasing when
things are not working right
--
You are receiving this mail because:
You are the assignee f
--- Comment #1 from andywh...@gmail.com ---
I have similar problems, very hard to debug. reboot fixes it though.
there are reports
https://forums.freebsd.org/threads/50432/
https://forums.freebsd.org/threads/50618/
there is a report here of other ipnat issues that I can't replicate
Summary|Ipnat (10.1-10.2) |Ipnat (10.1-10.2) does not
||work properly after 1-2
||days
--
You are receiving this mail because:
You are the assignee for the bug
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191343
Cy Schubert changed:
What|Removed |Added
CC||c...@freebsd.org
Assignee|
Summary|ipnat error at boot |[ipnat] ipnat error at boot
|disables active sessions|disables active sessions
--- Comment #3 from Mark Linimon ---
Over to maintainers.
--
You are receiving this mail because:
You are the assignee for the bug
Synopsis: [ipfilter] panic from ipfilter/ipnat when VIMAGE options used
Responsible-Changed-From-To: freebsd-net->cy
Responsible-Changed-By: cy
Responsible-Changed-When: Wed Jul 3 05:24:38 UTC 2013
Responsible-Changed-Why:
Mine.
http://www.freebsd.org/cgi/query-pr.cgi?pr=176
Synopsis: [ipfilter] Fatal trap in ipfilter/ipnat
Responsible-Changed-From-To: freebsd-net->cy
Responsible-Changed-By: cy
Responsible-Changed-When: Wed Jul 3 05:23:44 UTC 2013
Responsible-Changed-Why:
Mine.
http://www.freebsd.org/cgi/query-pr.cgi?pr=167
Synopsis: [ipfilter]: ipnat + ipfilter source routing not handling ftp properly
Responsible-Changed-From-To: freebsd-net->cy
Responsible-Changed-By: cy
Responsible-Changed-When: Wed Jul 3 05:20:22 UTC 2013
Responsible-Changed-Why:
Mine.
http://www.freebsd.org/cgi/query-pr.cgi?pr=127
Synopsis: [ipfilter] FreeBSD 6.1+VPN+ipnat+ipf: port mapping does not work
Responsible-Changed-From-To: freebsd-net->cy
Responsible-Changed-By: cy
Responsible-Changed-When: Wed Jul 3 05:20:07 UTC 2013
Responsible-Changed-Why:
Mine.
http://www.freebsd.org/cgi/query-pr.cgi?pr=123
Synopsis: [ipfilter] ipnat doesn't handle out of order fragments.
Responsible-Changed-From-To: freebsd-net->cy
Responsible-Changed-By: cy
Responsible-Changed-When: Wed Jul 3 05:17:30 UTC 2013
Responsible-Changed-Why:
Mine.
http://www.freebsd.org/cgi/query-pr.cgi?
Synopsis: [ipfilter] ipnat problem with IP Fastforward enabled
Responsible-Changed-From-To: freebsd-net->cy
Responsible-Changed-By: cy
Responsible-Changed-When: Wed Jul 3 05:16:26 UTC 2013
Responsible-Changed-Why:
Mine.
http://www.freebsd.org/cgi/query-pr.cgi?pr=72
Synopsis: [ipfilter] ipfilter ipnat problem with h323 proxy support
Responsible-Changed-From-To: freebsd-net->cy
Responsible-Changed-By: cy
Responsible-Changed-When: Wed Jul 3 05:10:54 UTC 2013
Responsible-Changed-Why:
Mine.
http://www.freebsd.org/cgi/query-pr.cgi?pr=70
Synopsis: [ipfilter] ipnat corrupts packets on gre interface with rules
Responsible-Changed-From-To: freebsd-net->cy
Responsible-Changed-By: cy
Responsible-Changed-When: Wed Jul 3 05:10:26 UTC 2013
Responsible-Changed-Why:
Mine.
http://www.freebsd.org/cgi/query-pr.cgi?pr=48
Synopsis: [ipfilter] ipnat fails to start after upgrade to RELENG_5_4
State-Changed-From-To: open->closed
State-Changed-By: linimon
State-Changed-When: Wed Jul 3 01:53:09 UTC 2013
State-Changed-Why:
Submitter's email address bounces.
http://www.freebsd.org/cgi/query-pr.cgi?
Synopsis: [ipfilter] panic from ipfilter/ipnat when VIMAGE options used
State-Changed-From-To: open->open
State-Changed-By: linimon
State-Changed-When: Wed Jul 3 00:50:32 UTC 2013
State-Changed-Why:
commit bit has been taken in for safekeeping.
Responsible-Changed-From-To: darrenr->freeb
Synopsis: [ipfilter] Fatal trap in ipfilter/ipnat
State-Changed-From-To: feedback->feedback
State-Changed-By: linimon
State-Changed-When: Wed Jul 3 00:50:32 UTC 2013
State-Changed-Why:
commit bit has been taken in for safekeeping.
To submitter: is this still a problem?
Responsible-Chan
Synopsis: [ipfilter]: ipnat + ipfilter source routing not handling ftp properly
State-Changed-From-To: open->open
State-Changed-By: linimon
State-Changed-When: Wed Jul 3 00:50:32 UTC 2013
State-Changed-Why:
commit bit has been taken in for safekeeping.
Responsible-Changed-From-To: darr
Old Synopsis: ipnat doesn't handle out of order fragments.
New Synopsis: [ipfilter] ipnat doesn't handle out of order fragments.
State-Changed-From-To: suspended->suspended
State-Changed-By: linimon
State-Changed-When: Wed Jul 3 00:50:32 UTC 2013
State-Changed-Why:
commit bit has
Old Synopsis: ipnat fails to start after upgrade to RELENG_5_4
New Synopsis: [ipfilter] ipnat fails to start after upgrade to RELENG_5_4
State-Changed-From-To: open->open
State-Changed-By: linimon
State-Changed-When: Wed Jul 3 00:50:32 UTC 2013
State-Changed-Why:
commit bit has been taken in
Old Synopsis: ipnat problem with IP Fastforward enabled
New Synopsis: [ipfilter] ipnat problem with IP Fastforward enabled
State-Changed-From-To: open->open
State-Changed-By: linimon
State-Changed-When: Wed Jul 3 00:50:32 UTC 2013
State-Changed-Why:
commit bit has been taken in for safekeep
Old Synopsis: ipnat corrupts packets on gre interface with rules
New Synopsis: [ipfilter] ipnat corrupts packets on gre interface with
rules
State-Changed-From-To: open->open
State-Changed-By: linimon
State-Changed-When: Wed Jul 3 00:50:32 UTC 2013
State-Changed-Why:
commit bit has been ta
The problem is that you have a port range of 0 in an
ipnat.conf line. Quick solution is to ensure that all
ipnat.conf lines specify a range of ports of greater than 0.
Otherwise patch below applies.
Darren
--- /tmp/ip_nat.c.orig 2012-06-06 04:31:31.0 +1000
+++ /tmp/ip_nat.c 2012-0
Synopsis: [ipfilter] Fatal trap in ipfilter/ipnat
State-Changed-From-To: open->feedback
State-Changed-By: darrenr
State-Changed-When: Tue Jun 5 18:31:16 UTC 2012
State-Changed-Why:
Responsible-Changed-From-To: freebsd-net->darrenr
Responsible-Changed-By: darrenr
Responsible-Changed-Whe
The following reply was made to PR kern/167768; it has been noted by GNATS.
From: Marc Albers
To: bug-follo...@freebsd.org,
bsd...@bospaling.nl
Cc:
Subject: Re: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
Date: Sat, 2 Jun 2012 19:30:48 +0200
switching the external (re0) and
The following reply was made to PR kern/167768; it has been noted by GNATS.
From: Marc Albers
To: bug-follo...@freebsd.org,
bsd...@bospaling.nl
Cc:
Subject: Re: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
Date: Sun, 20 May 2012 18:58:01 +0200
so I guess the alternative is to
Old Synopsis: Fatal trap in ipfilter/ipnat
New Synopsis: [ipfilter] Fatal trap in ipfilter/ipnat
Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Thu May 10 15:01:32 UTC 2012
Responsible-Changed-Why:
Over to maintainer(s).
h
We're trying to get the following config working but as
soon as we try to assign an outbound range to in ipnat.rules
the machine will hard lock, not even capslock light will
activate.
[rc.conf]
defaultrouter="217.41.248.1"
ifconfig_em0="inet 217.41.248.10 netmask 255.255.255.0"
ifconfig_em0_alia
rhaps once or twice daily) this box will panic, reboot and cause many
people to call me at once to threaten my man bits...
Currently:
FreeBSD 7.0 Stable i386 kernel
The firewall kernel modules are loaded on boot and are not compiled in.
IPFilter is doing the firewall work on the public interfaces
Old Synopsis: Getting some packages to the ipnat causes crash
New Synopsis: [nat] Getting some packages to ipnat(8) causes crash
Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Fri Mar 6 16:10:27 UTC 2009
Responsible-Changed-
Hey all,
I manage a pretty busy website and I've been perplexed by this problem
for some time. ipnat -s shows something like this:
mapped in 837904779 out 1055985985
added 79997334 expired 0
no memory 0 bad nat 500334
inuse 11764
rules 5
wilds 0
What troubles me i
[EMAIL PROTECTED] wrote:
Old Synopsis: Port mapping does not work
New Synopsis: FreeBSD 6.1+VPN+ipnat+ipf: port mapping does not work
Responsible-Changed-From-To: gnats-admin->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun May 18 22:45:21 UTC 2008
Responsible-Chan
Old Synopsis: Port mapping does not work
New Synopsis: FreeBSD 6.1+VPN+ipnat+ipf: port mapping does not work
Responsible-Changed-From-To: gnats-admin->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun May 18 22:45:21 UTC 2008
Responsible-Changed-Why:
Rescue this PR f
Old Synopsis: panic with 'kmem_map too small' using ipnat
New Synopsis: [ipnat] panic with 'kmem_map too small' using ipnat
Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Tue Aug 7 09:57:18 UTC 2007
Respons
Hi,
I'm using ipnat for one to one mappings in my FreeBSD router using IPnat. I
got several interfaces plus Vlans ;
rl0 - Local (192.168.0.x), em0, em1, em2, em3 - External (internet), em4,
vlan0, vlan1, vlan2, vlan3, vlan4, vlan5, vlan6, vlan7, vlan8, vlan9 - DMZ (
202.xxx.10.x)
172.20.154.0/24 -> 196.23.176.187/32
On Wednesday 28 September 2005 07:20, you wrote:
> On Wed, 28 Sep 2005 06:41:33 +
>
> Lourik Malan <[EMAIL PROTECTED]> wrote:
> > Hi There
> >
> > I'm running FreeBSD 5.4 and ipnat. Ipnat works on 187 but not any of
On Wed, 28 Sep 2005 06:41:33 +
Lourik Malan <[EMAIL PROTECTED]> wrote:
> Hi There
>
> I'm running FreeBSD 5.4 and ipnat. Ipnat works on 187 but not any of
> the aliasip address. Any idee?
>
> ifconfig_rl0=" inet 196.23.176.187 netmask
>
Hi There
I'm running FreeBSD 5.4 and ipnat. Ipnat works on 187 but not any of the
aliasip address. Any idee?
ifconfig_rl0=" inet 196.23.176.187 netmask 255.255.255.240"
ifconfig_rl0_alias0=" inet 196.23.176.188 netmask 255.255.255.255"
ifconfi
.154.3/32 -> 196.23.176.186/32
map xl1 172.20.154.0/24 -> 196.23.176.187/32
RC.conf
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
firewall_quiet="NO"
firewall_logging="YES"
firewall_flags=
;
firewall_quiet="NO"
firewall_logging="YES"
firewall_flags=""
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ip
hi,folks:
here's my network's layout:
|
|
em0 (160.79.174.99/29)
GateWay (FreeBSD 5.x ipf/ipnat, gateway_enabled)
em1 (192.
Since I am having ipnat problems on FreeBSD 5.4, and none on 5.3, I was
hoping to help out the matter of tracking down the bug. I was wanting a
little help with backing out some CVS changes made in the last three
months to the kernel.
I see now that ipnat has undergone a major update between
this was
> > not the case.
> >
> > Are there any change to have this fixed in RELENG_4 ? I know that no
> > more releases are scheduled in this branch, but there is no obvious
> > reason to let a bug live there IMHO.
>
> 4.1 is still broken. I understand that
ow that no
> more releases are scheduled in this branch, but there is no obvious
> reason to let a bug live there IMHO.
4.1 is still broken. I understand that RELENG_4 is at end of its life
but ipnat/dummynet interaction further breakage between 4.10 and 4.11
(due to IPFilter 3.4.35 import) is, IM
rom m0n0wall, a FreeBSD-based
firewall package. The original is at:
http://m0n0.ch/wall/docbook/
I have some thoughts about this, but they're way off-topic for this
list.
> The problem here is that ipnat and bridging (at least as implemented in
> FreeBSD) don't play well together.
0.0.0.0/32 portmap tcp/udp auto
rdr em0 0.0.0.0/0 port 80 -> 192.168.1.54 port 80
# ipnat -l
List of active MAP/Redirect filters:
rdr em0 0.0.0.0/0 port 80 -> 192.168.1.54 port 80 tcp
map em0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp auto
List of active sessions:
RDR 192.
;ve listed it just in case
ZL> /etc/pf.conf
ZL> nat on em0 from em1:network to any -> (em0)
ZL> rdr on em0 proto tcp from any to em0 port 80 -> 192.168.1.54 port 80
ZL> My IPFILTER rule is just as simple
ZL> /etc/ipnat.conf
ZL> map em0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/
r LAN
interface behind a NAT. This is actually a fairly reasonable and natural
thing to want to do.
The problem here is that ipnat and bridging (at least as implemented in
FreeBSD) don't play well together. Packets from the LAN to the DMZ go out
just fine, but in the other direction, it seem
ontent-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Monday 22 November 2004 19:29, Pawel Malachowski wrote:
I'm interested in opinions/comparisons how ipnat and pf perform
on FreeBSD 5.x in real working large NAT setups (about 50Mbit/s, few
thousands of workstations, 300k
On Monday 22 November 2004 19:29, Pawel Malachowski wrote:
> I'm interested in opinions/comparisons how ipnat and pf perform
> on FreeBSD 5.x in real working large NAT setups (about 50Mbit/s, few
> thousands of workstations, 300k of mappings or more). Problems noticed,
&g
Hello,
I'm interested in opinions/comparisons how ipnat and pf perform
on FreeBSD 5.x in real working large NAT setups (about 50Mbit/s, few
thousands of workstations, 300k of mappings or more). Problems noticed,
memory and CPU consumption, mbufs utilization etc.
TIA,
--
On Mon, 09-Aug-2004 at 18:37:39 +0200, Pawel Malachowski wrote:
> On Fri, Aug 06, 2004 at 12:54:08AM +0200, Pawel Malachowski wrote:
>
> > I can see weird behavior of this command:
> > traceroute -s privateIP -P UDP dst
> > Outgoing UDP packets are translated, ICMP time-exceded message comes b
> With this ruleset, UDP-traceroute doesn't work (ICMP- works):
Just feeding list archives:
This problem was also described and analysed by Andre Albsmeier on IPFilter
mailing list [1].
Shouldn't be IPFilter v3.4.35 backed out from RELENG_4 until fix arrives?
[1]
http://groups.google.pl/groups?
6 ms 47.247 ms
8 kbn-bb2-pos1-2-0.telia.net (213.248.65.126) 45.860 ms 51.259 ms 36.435 ms
9 nyk-bb2-pos5-0-0.telia.net (213.248.64.34) 138.898 ms 136.887 ms^C
% ipnat -s
mapped in 246213324 out 246453277
added 6502341 expired 6484448
no memory 0 bad nat 5308
Hello,
Can anobody here confirm that newest 3.4.35 IPFilter in RELENG_4 works with
no problems when IPNATing traceroute UDP (+ICMP response) packets?
I can see weird behavior of this command:
traceroute -s privateIP -P UDP dst
Outgoing UDP packets are translated, ICMP time-exceded message
I'm having a weird ipnat/ipf problem. I think its more ipnat related then
ipf.
First, the ipf rules :
# block anything to our netblock but allow further processing
block in on fxp0 from any to 64.74.133.224/27
block in on fxp0 from any to 192.168.0.0/16
# allow everything out and keep
On 2004-06-09 11:20, Danny Horne <[EMAIL PROTECTED]> wrote:
> Can anyone direct me to a good tutorial on ipf / ipnat? Specifically
> I need to open a contiguous range of ports with ipf & then forward
> them (rdr?) to an internal IP address with ipnat.
The first is easy to se
Hi all,
Can anyone direct me to a good tutorial on ipf / ipnat? Specifically I need to
open a contiguous range of ports with ipf & then forward them (rdr?) to an
internal IP address with ipnat.
Thanks for all replies
Hi all,
My setup :
--
FreeBSD hostname 4.10-PRERELEASE FreeBSD 4.10-PRERELEASE #2: Wed Apr 28
09:40:43 EST 2004
fxp0 : link to the outside world
fxp1 : link to LAN
fxp2 : link to DMZ
ipf firewall
ipnat for LAN and rdr for services.
--
I'm running tcpmssd to fix MSS:
/usr/local/bin/tcpms
I have looked at the FAQ, the handbook, The Complete FreeBSD, and haven't
found anything like what I'm looking for.
There seems to be 2-3 implementations of access control lists and
2-3 implementations of network address translation that apply to
FreeBSD.
Is there anywhere that discusses the rela
--=-=-=
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Hello,
I'm using the following setup :
FreeBSD 4.8-RELEASE-p14 with stock ipfilter 3.4.31
(uname -a attached)
I'm using the following ipnat rules
# Nat rules
map ng0 192.168.10.0/24 -> 0/32 proxy
Sorry I did not. So maybe I should not answer.
By the way, I think that a ng_nat would have quite the same perfomance than
ipnat. Moreover I think that many ng_nat_xxx would be required in order to
support the ALGs:
- ng_nat_ftp
- ng_nat_sip
- ng_nat_h323
- ...
ng_nat would be only the
Has anyone implemented NAT as a Netgraph node?
If so, how does performance compare to natd and ipnat?
Regards,
BMS
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[
I have the following rules in ipnat.rules:
rdr tun0 0/32 port 19995 -> 192.168.2.2 port 19995
rdr tun0 0/32 port 19996 -> 192.168.2.2 port 19996
rdr tun0 0/32 port 19997 -> 192.168.2.2 port 19997
rdr tun0 0/32 port 19998 -> 192.168.2.2 port 19998
rdr tun0 0/32 port 1 -> 19
On Sun, 2003-08-24 at 17:31, Jayel wrote:
> well I searched google and several messages came up with the suggestion of using
> tircproxy. I then installed tircproxy from ports and ran the configure my setup to
> use transparent proxy.
>
> as a test I ran the script (tircproxy -d9 -s 7666 -MILHR
well I searched google and several messages came up with the suggestion of using
tircproxy. I then installed tircproxy from ports and ran the configure my setup to use
transparent proxy.
as a test I ran the script (tircproxy -d9 -s 7666 -MILHR -i 10.10.10.254) as suggested
by the online manual
On Mon, Mar 10, 2003 at 10:09:13PM -0800, Static wrote:
> Hello List,
>
> I just recently did a buildworld on my gateway machine and now ipnat
> appears to not want to cooperate.
You also built and installed a new kernel from the same codebase,
correct? You will likely have IPFilter
Hi,
Maybe you dont set gateway_enable="YES"
in /etc/rc.conf
ot sysctl net.inet.ip.forwarding=1
On Mon, Mar 10, 2003 at 10:09:13PM -0800, Static wrote:
> PITA# ipnat -l
> List of active MAP/Redirect filters:
> map tun0 192.168.1.0/0 -> 0.0.0.0/32
> map tun0 0.0.0.0/0 ->
Hello List,
I just recently did a buildworld on my gateway machine and now ipnat
appears to not want to cooperate. I'm trying to nat port 80 from my
outside interface into an apache server on my network.
uname -a
FreeBSD PITA.ninja-assassin.com 4.7-STABLE FreeBSD 4.7-STABLE #2: Thu Jan
Shawn Dillon wrote:
I have a freebsd 5.0 box running IPNAT and IPF as a firewall. I
currently have five static IPS with my ISP. With my ISP I must
register the MAC address of the adapter to obtain an IP. Thus I have
a FreeBSD box with six nics in it ( all 3c905C).
If they are static addresses
I need some help.
I have a freebsd 5.0 box running IPNAT and IPF as a firewall. I currently have five
static IPS with my ISP. With my ISP I must register the MAC address of the adapter to
obtain an IP. Thus I have a FreeBSD box with six nics in it ( all 3c905C).
The basic config is as follows
> I am hoping this is the right forum for my question
>
> I am running 4.7-STABLE as of 18th Jan 2003, usinf ipf/ipnat for firewall,
> during normal loads (ipnat -l showing about 1000 connections) everything
> works fine, but during higher loads ipnat -l showing over 3000 conns,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi
I am hoping this is the right forum for my question
I am running 4.7-STABLE as of 18th Jan 2003, usinf ipf/ipnat for firewall,
during normal loads (ipnat -l showing about 1000 connections) everything
works fine, but during higher loads ipnat -l
1 - 100 of 114 matches
Mail list logo
